RIM clarifies security issues in light of recent Indian and Saudi government threats

RIM has issued a response to the concerns of many of its users in light of recent developments with foreign governments demanding access to BlackBerry email and text messages. In an effort to avoid a BlackBerry ban RIM has been working with the governments in India and Saudi Arabia to find a solution to provide "legal and national security requirements" by those governments.

In response to the statement published today by the Government of India, and further to RIM's Customer Update dated August 2, RIM wishes to provide this additional information to its customers. Although RIM cannot disclose confidential regulatory discussions that take place with any government, RIM assures its customers that it genuinely tries to be as cooperative as possible with governments in the spirit of supporting legal and national security requirements, while also preserving the lawful needs of citizens and corporations. RIM has drawn a firm line by insisting that any capabilities it provides to carriers for "lawful" access purposes be limited by four main principles:

1. The carriers' capabilities be limited to the strict context of lawful access and national security requirements as governed by the country's judicial oversight and rules of law.

2. The carriers' capabilities must be technology and vendor neutral, allowing no greater access to BlackBerry consumer services than the carriers and regulators already impose on RIM's competitors and other similar communications technology companies.

3. No changes to the security architecture for BlackBerry Enterprise Server customers since, contrary to any rumors, the security architecture is the same around the world and RIM truly has no ability to provide its customers' encryption keys. Also driving RIM's position is the fact that strong encryption is a fundamental commercial requirement for any country to attract and maintain international business anyway and similarly strong encryption is currently used pervasively in traditional VPNs on both wired and wireless networks in order to protect corporate and government communications.

4. RIM maintains a consistent global standard for lawful access requirements that does not include special deals for specific countries.

RIM appears to be caving to the requests of these governments which is sad. Once a system is deemed accessible by any third party (the government), it cannot be trusted as secure. It is true that the "bad guys" might use a secure platform but do we take it away from everyone just because the bad guys can use it?